Sophisticated Google Docs Phishing Scam Uncovered By Symantec

One of the basic rules for identifying a Gmail phishing message is to check the email domain, the part of the address after the @ sign that tells you where the mail is hosted. You can do this by opening the message and reading the sender’s email address in the [from:] field at the top left corner of the message. As you can see in the screenshot below, the mail is coming from the authentic Gmail Team address mail-noreply@google.com. If you see a misspelled domain or any email domain that tries to imitate Google, for example @go0gle.com, @googleteam.com, @googgle.com or many other variations, then you should know that it is a fake domain.

Authentic Google Email Domain

However, as revealed by Symantec, scammers are getting more sophisticated and clever. They have devised a new phishing trick that makes use of an authentic domain name used by Google and Gmail. What does this mean? It means you should be more wary and should not rely on a single sign to identify a phishing email; look for several tell-tale signs. In this case, most people would easily be tricked into signing in on the fake page because the domain is authentic.

The scammer who devised this trick clearly knows that many people will log into a fake page if the URL or domain is real. Besides using an authentic Google domain, which is served with a valid SSL certificate, this scammer created an authentic-looking Google Drive login page. Here is how the scheme works:

Inside Google Drive, Google’s cloud storage service, the scammer created a public folder to host a fake Google login page. Google Drive files can be shared as a link and opened online via Google Docs. The scammer then inserted such links in Gmail messages, along with text asking the recipient to open an “important” document. On clicking the link, the recipient is directed to the fake Google Drive login page. All the while, the recipient sees an authentic Google URL, so there is no obvious reason to doubt the authenticity of the page. Also, if you are a regular user of secure websites, being asked to sign in again is nothing new. It is no surprise, therefore, that most Gmail users will assume that being required to log in again is a security measure Gmail takes to protect their account.

Once you sign in on the fake page, your login details are captured and sent to an external server hosted by the scammer. What makes this scam sophisticated is that it does not leave you with a feeling that something is wrong: it is a smooth operation, and after clicking the sign-in button you are redirected to the Google Docs document that was promised in the email.
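As an added example that is not part of this article or of Symantec’s report, here is a small Python check that implements the sender-domain rule described at the top of the page (authentic domain, typo-squatted look-alike, or other) and runs it over two constructed messages. The second message is modelled on the scam above: its link really is on a Google domain (the file id is a placeholder), so the domain check alone passes it, which is exactly the article’s point. The legitimate-domain list and the distance threshold are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
LEGIT_DOMAINS = {"google.com", "gmail.com"}       # assumed genuine sender/host domains
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digit look-alikes
URL_RE = re.compile(r'https?://([^/\s"<>]+)')     # captures the host part of each link

def edit_distance(a, b):
    """Levenshtein distance between two strings (plain dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain):
    """'authentic' for Google-owned domains, 'lookalike' for imitations, else 'other'."""
    d = domain.lower().rstrip(".")
    if d in LEGIT_DOMAINS or any(d.endswith("." + g) for g in LEGIT_DOMAINS):
        return "authentic"
    parts = d.split(".")
    label = parts[-2] if len(parts) > 1 else parts[0]   # "go0gle" from "go0gle.com"
    normalized = label.translate(HOMOGLYPHS)
    # Heuristic: contains "google" (googleteam) or is within two edits of it (googgle).
    if "google" in normalized or edit_distance(normalized, "google") <= 2:
        return "lookalike"
    return "other"

def analyze_message(raw):
    """Apply the sender-domain and link-host check to one RFC 822 message text."""
    msg = message_from_string(raw)
    sender = classify_domain(parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1])
    links = {host: classify_domain(host) for host in URL_RE.findall(msg.get_payload())}
    flagged = sender == "lookalike" or "lookalike" in links.values()
    return {"sender": sender, "links": links,
            "verdict": "phishing" if flagged else "domain check passed"}

# Constructed sample: typo-squatted sender and link, caught by the domain check.
LOOKALIKE_MAIL = """From: Gmail Team <support@go0gle.com>

Sign in at http://go0gle.com/verify to keep your account.
"""
# Constructed sample shaped like the Symantec case: the link really is on a Google
# domain (placeholder file id), so the domain check alone passes and proves nothing.
DRIVE_MAIL = """From: Someone <someone@example.org>

Please open the important document: https://drive.google.com/file/d/EXAMPLE-ID/view
"""
```

The look-alike check is a heuristic, not a whitelist: a message that passes it still needs the other tell-tale signs the article goes on to list.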

Google Drive Login Phishing Page That Looks Real

So How Do You Protect Yourself?

We said that one of the rules for identifying a fake phishing page is checking the domain name. However, what if you are hit by a scam that makes use of an authentic domain or URL, as the scam above demonstrates? Anyone can be a victim of this scam, and worse, you can be a victim without knowing it. Here are ways to protect yourself from this scam: